
reached “security appliance fatigue.” With every new threat, a vendor would pop up with a new appliance.

The bank had a large volume of security data, including Windows and IDS logs, but had difficulty leveraging it for security analytics. Two security information and event management (SIEM) systems helped with log analysis, but Zions reached the limits of its existing technology in pursuit of its goal of a data-driven security strategy.

For the Salt Lake City-based bank holding company, the solution was found by leveraging one of the hottest concepts in information security: big data. More specifically, it harnessed information from its disparate security data sources by developing a Hadoop-based security data warehouse.

“Big data is not entirely hype…We think it’s a game changer for the industry,” Preston Wood, chief security officer at Zions said Thursday in a presentation at RSA Conference 2012.

Wood said the strategy for making use of security big data enables the company to mine data across the entire enterprise to speed up forensics investigations and improve fraud detection, as well as overall security.

The warehouse allowed Zions to gather data that was spread across multiple locations, and to keep a couple of years’ worth of data, which is better for security modeling, said Michael Fowkes, director of fraud management. The warehouse stores more than 120 different types of data, including transactions, logs, fraud alerts, server logs, firewall logs and IDS logs. After two years of collecting data, it currently stores 120 terabytes.

Zions uses a layer of analytics tools, both commercial and custom, and analysts to mine data. “To derive value from data,” Fowkes said, “we obviously need people” who can dig into the data.

Aaron Caldero, data scientist at Zions, said his position represents an emerging field that involves applying statistical methodologies to filter and mine data. He described the process as a different way of looking at data security that enables proactive instead of reactive security.

“Being a data detective, I feel like Sherlock Holmes,” he said.

Fowkes said the biggest benefit with the big data strategy for forensics has been speed. In the past, incident response involved a time-consuming process of examining voluminous log files. “Having that in Hadoop is like having distributed grep,” he said.
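The “distributed grep” remark maps directly onto Hadoop’s map/reduce model: each node scans the log blocks it holds and emits matches, and a reduce step gathers them by source. The Python sketch below is an added illustration of that pattern, not Zions’ code; the log partitions and every address, hostname and signature in them are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample log partitions, standing in for the warehouse's mixed
# feeds (Windows event log, IDS alerts, firewall). All values are made up.
PARTITIONS = {
    "windows": [
        "2012-02-29T10:01:02 host=ws17 EventID=4625 user=jdoe src=10.0.5.23 status=FAILED",
        "2012-02-29T10:01:09 host=ws17 EventID=4624 user=jdoe src=10.0.5.23 status=SUCCESS",
    ],
    "ids": [
        "2012-02-29T10:02:11 sig='ET TROJAN Zeus Checkin' src=10.0.5.23 dst=203.0.113.9",
        "2012-02-29T10:03:40 sig='ET POLICY DNS Query' src=10.0.7.1 dst=198.51.100.2",
    ],
    "firewall": [
        "2012-02-29T10:02:12 action=ALLOW src=10.0.5.23 dst=203.0.113.9 dport=443",
        "2012-02-29T10:05:00 action=DENY src=10.0.9.4 dst=203.0.113.9 dport=22",
    ],
}

def map_partition(source, lines, pattern):
    """Map phase: each partition is scanned independently (in Hadoop, on the
    node that holds that block) and emits a (source, line) pair per match."""
    rx = re.compile(pattern)
    return [(source, line) for line in lines if rx.search(line)]

def reduce_hits(pairs):
    """Reduce phase: group the emitted pairs by source and count them."""
    grouped = defaultdict(list)
    for source, line in pairs:
        grouped[source].append(line)
    return {src: {"count": len(ls), "lines": ls} for src, ls in grouped.items()}

def distributed_grep(pattern, partitions=PARTITIONS):
    """Run the map phase over every partition, then reduce the combined output."""
    emitted = []
    for source, lines in partitions.items():
        emitted.extend(map_partition(source, lines, pattern))
    return reduce_hits(emitted)

if __name__ == "__main__":
    # Pivot on one internal address across every feed at once, the kind of
    # forensic question that used to mean walking log files one at a time.
    for src, hits in distributed_grep(r"src=10\.0\.5\.23").items():
        print(src, hits["count"])
```

The same mapper runs unchanged whether the partitions are three lists in memory or thousands of HDFS blocks; only the scheduling and shuffle differ.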

Kelly White, director of information security at Zions, said the big data strategy has helped the company to improve threat modeling. For example, the security analyst team had already identified signs of a spear phishing attack, but combining that data with the statistical methodologies boosts the bank’s ability to identify potential attacks.

Account takeover – fueled by malware – is a major security problem for financial firms, Fowkes said, but the intelligence provided via its big data strategy helps Zions to quickly act on intelligence it receives from various sources on malware threats and counter them.

In the future, Wood said, the bank would like to leverage analytics and intelligence for automatic response.

While implementing a similar system may seem daunting to some organizations, Wood told attendees that many of them likely have pockets of the skills needed for data-driven security analytics. Instead of relying on security products and the reports they produce, he advised security teams “to take a closer look at your data and gain that intelligence yourself.”

A big data security strategy isn’t a product you can buy, Wood said. He said organizations can start small and leverage the tools they have, and can investigate business intelligence or open source tools.
